Skip to main content

Overview

The Nexus Artifactory integration allows Backline to access packages from your Nexus Repository. This is required for Backline to build and analyze projects that use Nexus as their package registry.

What You Can Do

With the Nexus Artifactory integration, Backline can:
  • Resolve NPM packages from your Nexus repository
  • Resolve Python packages from your Nexus repository
  • Resolve Go modules from your Nexus repository
  • Build and analyze projects that depend on packages in your Nexus registry
  • Provide remediation for vulnerabilities in projects using Nexus as their package source

Supported Package Types

Package TypeNexus Repository FormatExample URL
NPMnpm (proxy/hosted/group)https://nexus.company.com:8081/repository/npm-group/
PyPIpypi (proxy/hosted/group)https://nexus.company.com:8081/repository/pypi-group/simple
Gogo (proxy)https://nexus.company.com:8081/repository/go-proxy/

Prerequisites

Before connecting Nexus Artifactory, ensure you have:
  • A Nexus Repository instance
  • Repository URLs for the package types you want to use

Authentication

Anonymous Access If your Nexus instance has anonymous access enabled, you only need to provide the repository URLs - no credentials are required. When you create the integration without specifying credentials, Backline will access repositories anonymously. Authenticated Access If your Nexus repositories require authentication, you’ll need credentials. Nexus supports two authentication methods: API Token (Recommended) API tokens provide enhanced security by using a two-part token instead of your account password. Each token consists of:
  • Token Name Code - used as the username
  • Token Pass Code - used as the password
API tokens are available in Nexus Repository Pro.
To generate an API token:
1

Access Your Profile

Click on your username in the top navigation bar.
2

Open API Token

Select API Token from the menu.
3

Generate Token

Generate your token. Nexus will display your Token Name Code and Token Pass Code.
Copy both values immediately. The Token Pass Code cannot be retrieved again - you’ll need to reset the token if lost.
API tokens are preferred because they can be reset without changing your account password, and they don’t expose your actual credentials in configuration files.
Username and Password You can also use a standard Nexus username and password. This is simpler but less secure than user tokens.

Connecting Nexus Artifactory

1

Go to Integration Hub

Navigate to Integrations from the main menu.
2

Select Nexus Artifactory

Find and click on the Nexus Artifactory integration card.
3

Configure Credentials (Optional)

If your Nexus requires authentication, provide:
  • Username: Your Nexus username or Token Name Code (if using user tokens)
  • Password: Your Nexus password or Token Pass Code (if using user tokens)
Leave both fields empty if your Nexus repositories allow anonymous access. You must provide both username and password, or neither.
4

Configure Repository URLs

Provide the URLs for the package types you want to use:
  • NPM Repository URL: Your Nexus npm repository URL
    • Example: https://nexus.company.com:8081/repository/npm-group/
  • PyPI Repository URL: Your Nexus PyPI repository URL (must end with /simple)
    • Example: https://nexus.company.com:8081/repository/pypi-group/simple
  • Go Repository URL: Your Nexus Go proxy repository URL
    • Example: https://nexus.company.com:8081/repository/go-proxy/
You only need to configure URLs for the package types your repositories use. At least one URL is required.
5

Save Configuration

Click Save to complete the integration.

Finding Your Repository URLs

To find the correct URL for each repository type in Nexus:
1

Navigate to Repositories

In Nexus Repository, go to Administration > Repository > Repositories.
2

Select Your Repository

Click on the repository you want to use (e.g., npm-group, pypi-proxy).
3

Copy the URL

The repository URL is displayed at the top of the repository details page. Look for the URL field.For PyPI repositories, append /simple to the base URL if not already included.

Repository Type Recommendations

Repository TypeRecommendation
GroupPreferred - aggregates multiple repositories (proxy + hosted)
ProxyGood for caching packages from public registries
HostedFor your own private packages only
Use group repositories when possible. They combine proxy and hosted repositories, giving Backline access to both public packages (cached) and your private packages through a single URL.

After Connection

Once Nexus Artifactory is configured, Backline will:
  1. Use the provided credentials (if any) to authenticate with Nexus
  2. Access packages from your private Nexus repositories during dependency analysis
  3. Provide remediation for projects that depend on packages in your Nexus registry

Managing the Integration

Updating Configuration

To update the integration settings:
  1. Open the Integration Hub
  2. Click on the Nexus Artifactory integration
  3. Update credentials or repository URLs as needed
  4. Click Save

Adding Package Types

To add support for additional package types:
  1. Open the Nexus Artifactory integration settings
  2. Add the repository URL for the new package type
  3. Save the changes

Disconnecting

To remove the Nexus Artifactory integration:
  1. Go to the Integration Hub
  2. Click on the Nexus Artifactory integration
  3. Select Disconnect
  4. Confirm your decision
Disconnecting will prevent Backline from accessing packages in your Nexus repository. Dependency analysis and remediation for projects using private packages may be affected.

Troubleshooting

Authentication Failed

If Backline cannot authenticate with Nexus:
  • Verify the username (or Token Name Code) is correct
  • Check that the password (or Token Pass Code) is valid
  • Ensure the user has read access to the configured repositories

Repository Not Accessible

If Backline cannot reach the repository:
  • Verify the repository URL is correct
  • Check network connectivity between Backline and your Nexus instance
  • For HTTPS URLs, ensure SSL certificates are valid

Package Resolution Issues

If specific packages cannot be resolved:
  • Verify the package exists in your Nexus repository (or is proxied from a public registry)
  • Check that the repository type matches the package manager (e.g., npm format for NPM packages)
  • For group repositories, ensure the component repositories are correctly configured

PyPI URL Format

PyPI repository URLs must end with /simple for pip compatibility:
  • Correct: https://nexus.company.com:8081/repository/pypi-group/simple
  • Incorrect: https://nexus.company.com:8081/repository/pypi-group/